Different roles within a business require different skillsets; and for the longest time the CIO’s role entailed technology only, or at the very least, it was viewed as a tech role. Times are changing in this digital business era, consequently so is the CIO role.
The transformation of the CIO’s role has been going on for various years now, but adaptation by business executives and the business process as a whole haven’t caught up yet. Why? Because resistance to change is quite common after years of doing things and thinking of them in a certain way. However, the CIO and CEO communication gap can cause a major business disruption nowadays since risk management, disaster recovery, and incident response all play a role in the continuation of operations by a business, as well as the safeguarding of sensitive data.
Three tips for any CIO, CEO, or business leader reading this article in the interests of staying in business, growing it, and defending it from cyberattacks: coordinate, communicate, and make it part of the business culture.
Tip 1: Coordinate
When a CIO and the C-Suite aren’t on the same page, you can’t enforce information security policies and procedures. It is essential that the CIO is given the attention necessary to communicate the business basics behind the policies and procedures that need to become a part of the business process for every employee, including the higher up.
- No matter the language barrier there may be between CIO tech language and C-Suite business language, asking questions targeted at what interests the C-Suite is one way that the CIO can slowly adapt to his/her new business leader role, which leads us to our second tip.
Tip 2: Communicate
No relationship has ever worked without communication and no changes can come in the absence of dialogue. For there to be open communication, it has to be brought to the attention of the executive team. The fact that the CIO still doesn’t have a seat at the C-Suite table isn’t news, that’s the concerning part. Either nobody is speaking or nobody is listening, whichever the case, it’s bad news for business.
- Changes in what language is used or being in the boardroom isn’t as much the issue as is the fact that businesses have not adopted an information security culture yet. They still see it as tech or something unrelated to the business process. This is not the case, which brings us to the third tip.
Tip 3: Make information security a part of the business culture
Large and small businesses are adapting big data, the cloud, IoT, mobile devices (BYOD), and more; but they still haven’t been able to do the same with the risk management that goes along with the use of these digital tools. The tools help a business with efficiency and productivity, but they also have their risks since they can be hacked. The level of dependence on those tools make the success of a business very fragile when those tools can be hacked and shut down.
- It isn’t a question of if a business will be breached, it’s a question of when. The dependence on digital tools should be parallel with a dependence on risk management and information security. It is a part of the business process already, just one that isn’t being placed as a priority.
If businesses want to avoid failing, if they want to avoid being the next Target or Wendy’s, if they want to close deals and grow, if they, if you, want all of this, it is time to adapt to change and to allow the CIO to help your business make that transition permanently.
As an expert in information security, NCX Group is here to help businesses get on track with protecting their business and growing it. Give us a call to settle once and for all where your risk management program stands and where it needs to be to defend your business.
Photo courtesy of Sergey Nivens